1. Introduction
DAFO CoWorker ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you use our AI-powered collaboration platform and related services.
This policy complies with the General Data Protection Regulation (GDPR), UK Data Protection Act 2018, and other applicable data protection laws.
2. Data Controller Information
Data Controller: DAFO CoWorker
Contact Email: privacy@dafocoworker.com
Data Protection Officer: dpo@dafocoworker.com
3. Information We Collect
3.1 Personal Information
- Name and email address (when you create an account)
- Profile information you choose to provide
- Company information for business accounts
- Communication preferences
3.2 Authentication Data
- Google OAuth tokens and associated profile data (when you connect Google services)
- Microsoft OAuth tokens and associated profile data (when you connect Microsoft services)
- Session tokens for maintaining your login state
3.3 Usage Data
- Interaction data with our AI CoWorkers
- Feature usage analytics
- Error logs and performance data
- Device and browser information
3.4 Email and Calendar Data
When you connect your email and calendar services, we may access:
- Email metadata (sender, recipient, subject, date)
- Calendar events and availability
- Contact information for scheduling purposes
Important: We only access this data when specifically requested by you through our AI CoWorkers and with your explicit consent for each action.
4. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Consent: For email/calendar integration and marketing communications
- Contract Performance: To provide our AI CoWorker services
- Legitimate Interest: For service improvement and security
- Legal Obligation: For compliance with applicable laws
5. How We Use Your Information
- Provide and maintain our AI CoWorker services
- Authenticate and authorize access to your account
- Enable email and calendar integration features
- Improve our AI models and services
- Communicate with you about service updates
- Ensure security and prevent fraud
- Comply with legal obligations
6. Data Sharing and Disclosure
We do not sell your personal data. We may share your information only in these circumstances:
- Service Providers: With trusted third-party vendors who help us operate our service
- Legal Requirements: When required by law or to protect our rights
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you explicitly authorize sharing
6.1 Third-Party Services
Our service integrates with:
- Google Services: For Gmail and Google Calendar integration
- Microsoft Services: For Outlook and Microsoft Calendar integration
- OpenAI: For AI processing (data is processed according to OpenAI's data usage policies)
7. Data Retention
- Account Data: Retained while your account is active
- OAuth Tokens: Stored until you disconnect the service
- Usage Logs: Retained for 12 months for security and improvement purposes
- Communication Data: Retained according to your preferences or legal requirements
When you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal purposes.
8. Your Rights (GDPR/UK DPIP)
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent for data processing
To exercise these rights, contact us at privacy@dafocoworker.com
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit and at rest
- Regular security assessments
- Access controls and authentication
- Employee training on data protection
- Incident response procedures
10. International Data Transfers
If we transfer your data outside the EEA/UK, we ensure adequate protection through:
- Adequacy decisions by relevant authorities
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules where applicable
11. Cookies and Tracking
We use cookies and similar technologies for:
- Essential functionality (session management)
- Performance analytics (with your consent)
- Security purposes
You can manage cookie preferences in your browser settings.
12. Children's Privacy
Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you a direct notification.
14. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
- Email: privacy@dafocoworker.com
- Data Protection Officer: dpo@dafocoworker.com
14.1 Supervisory Authority
You have the right to lodge a complaint with your local data protection authority:
- EU: Your local Data Protection Authority
- UK: Information Commissioner's Office (ICO) - ico.org.uk
15. Consent Management
For services requiring consent, you can manage your preferences in your account settings or by contacting us. You can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.